RSA Conference 2011 - Recap
President & CEO
As I settle in from a week-long look at the most pressing issues facing
the security industry, I wanted to share my takeaways from RSA
Conference 2011. Much of
this perspective is based on interactions with IT professionals
and industry thought leaders I met during the show.
takeaway for Lieberman Software is the very positive response we received
from customers and analysts regarding our technical integrations that
bring privileged identity information into existing SIEM (Security
Information & Event Management) frameworks such as ArcSight, RSA
enVision and Q1 Labs.
We also heard from
a growing number of IT managers who expressed dissatisfaction with
the time needed to implement other (non-Lieberman Software) privileged identity management solutions; in many cases these
implementations are taking a year or longer and involve costly
professional services investments. The good news is that these same
companies are finally asking the right questions about how to implement
privileged identity management correctly. There was a general tone
of willingness to migrate from simplistic check box product comparisons
to implementing real security solutions in a reasonable period of time
without professional services or one-off customizations.
Finally, a trend
that permeated the RSA Conference is the understanding that public cloud security is wholly inadequate. Potential cloud
adopters are beginning to read the terms of service and are staying
clear of many off-the-shelf offerings. We are seeing adoption of
private clouds hosted by the major cloud vendors but here, too, there
appear to be many “special accommodations” to augment security provided
the deal is big enough.
RSA Conference 2011 was well attended and both customers and analysts seem
bullish about the future. The show did not disappoint.
What are your
takeaways from the RSA Conference? Email
me at: email@example.com.
You can also follow me on Twitter: @liebsoft or connect with me via LinkedIn.
Tip of the Month
VIDEO: Microsoft System
Center Service Manager Integration With Privileged Identity Management
Before someone gains access to a sensitive system, ITIL processes
require that a trouble ticket be opened. A chain of events occurs prior
to someone having access to a sensitive system. That is Microsoft
System Center Service Manager (SCSM) functionality. We link in to the
trouble ticket workflow, and make sure that a valid ticket exists
before credentials to sensitive systems are released. Only authorized
admins with valid trouble tickets have the ability to retrieve
passwords for systems they need to repair or manage. And, any actions
we do to provide access to that sensitive system are logged on that
11:26 minute video presents and demonstrates how Lieberman Software has
integrated its flagship privileged identity management solution -
Enterprise Random Password Manager (ERPM) - with SCSM. There is a whiteboard presentation
followed by a product demonstration of the integration.
New in Identity Week
commentary on our Identity Week blog this month includes:
- The Surprising Truth About Smartphone App
I recently shared my thoughts on a troubling
topic covered in InfoSecurity Magazine, and many other publications. As
you’re probably aware, research from a US university undergraduate
professor, Dan Wallach, shows that several Android apps, including an
approved Facebook application, are sending out all data except for
passwords “in the clear”...
- Cyber-Attack on Canada
The Daily Tech reported China’s cyber-attack on Canada in this news
story: “China Appears to Have Committed 'Unprecedented' Cyber-Attack on
Canada”. The article discusses how Canada appears to have become the
latest victim of Chinese cyber-aggression...
- Not Ready for Online Voting
Technology, with all its promise of time and cost savings, is often
considered a panacea for the ills of our age – whether at the
corporate, societal or personal level. I recently participated in a
discussion about how technology might resolve an alarming trend in
developed nations: the steady decline in voter turnout...
RSA enVision Integration:
Lieberman Software and RSA have collaborated to provide greater control
over access to critical IT resources by removing user anonymity and
revealing who has access to sensitive systems, when and for what
purpose. The products work together to give IT management a clear view
of what is happening within their environments and who specifically is
behind the activity.
For details on this integration, please visit our RSA enVision
Events / Press /
18-20, 2011. Orlando, FL. Visit us at Booth 308. Get 10% off
your registration by using the code OS11/VDIS
- Infosecurity Europe. 19-21 April 2011.
London, UK. Register
FREE to attend and join over 12,500 information security
professionals for 3 days at Earl's Court. Visit us in Booth F2.
- Lieberman Software YouTube Channel. Check
out the new videos we have uploaded to our YouTube channel:
integrations with Microsoft System Center products, ERPM demos, and
- Lieberman Software Joins Cloud Security
Alliance. We will
work with the Cloud
Security Alliance to provide insights gained from our successful
track record of managing privileged identities in private, hybrid and
public cloud environments. We share the belief that the success of
cloud vendors and their customers will only occur when security and
transparency are equivalent or better than what can be provided by
- Lieberman Software is Finalist in SC
Magazine Awards Europe 2011. We are proud to announce that
the company has been nominated as a finalist in the SC Magazine Europe
security awards. This prestigious nomination is for Enterprise
Random Password Manager™ (ERPM), the company’s flagship PIM solution.
ERPM automates the tasks to locate, inventory, organize and manage the
thousands of privileged account passwords dispersed throughout large
- Business Technology Perspectives Blog - Top
Security Trends for 2011.
Windows IT Pro.
While some progress has been made towards improving cloud security,
many security obstacles remain. Lieberman Software President and CEO
Philip Lieberman echoed that sentiment, saying that "Customers have a
real reason to be concerned. There's a lack of transparency and
consistency when it comes to logs and auditing, to reveal what is truly
happening in a cloud environment," Lieberman said.
- Smartphone Apps Not Secure Says Lieberman
CEO. Phones Review.
Lieberman Software specializes in security solutions and privileged
identity management, and Phil further states… “This is the biggest
issue with open source software. Whilst the economic imperative to go
open source is clearly very strong, companies that use open source,
such as Android, which is based on Linux code, also need to ensure
their software is robust on the security front, and this process costs
- Pervasive memory scraping enables hackers
to grab personally identifiable information from users' PCs. SecurityPark.net. The SANS
Institute has reported a new trend in hacking techniques, used by
hackers to grab personally identifiable information (PII) from users'
PCs. Known as ‘pervasive memory scraping,’ the technique relies on the
fact that certain areas of Windows memory are only occasionally
overwritten, meaning that data from software that has been closed down
on the PC, can still remain for some time after.
outsourcers using in-house knowledge gap as a license to print money?
Inside Outsourcing - ComputerWeekly.com. "If Dave had just
picked up the phone and given me a call I’d have been able to tell him
that manually trying to manage his privileged accounts was just a money
trap and wouldn't work. By automating the process, within a week his
privileged identities could be under control and managed going forward
– without a contract negotiation in sight."
- Closing the
privileged identity visibility gap. Help Net Security. Because
SIEM systems were not designed with privileged identities in mind, they
have no way to tie security events that are triggered through use of
these accounts with the individuals and processes responsible. This
lack of visibility can leave IT staff with too little information to
make informed decisions and the inability to differentiate between
routine security events and potentially damaging – or even criminal –